Impostor Fraud Is On the Rise

Impostor Fraud is Increasing in the United States . According to an FBI report from October 2013- May 2018 there were 41,158 U.S. Businesses that loss an estimated $2.9 billion to this type of fraud.

What is Impostor Fraud?
Impostor fraud involves a fraudster posing as a person or entity you do business with and trust such as an executive of your own company, a vendor, or in some cases even the Internal Revenue Service. The Impostor contacts you by phone, email, or fax and submits a phony invoice or request for payment or makes a change to vendor payment instructions. After this fraudulent payment is made your money is lost.

There are several methods this type of fraud is perpetrated on unsuspecting companies:

Executive Impostor
A fraudster posing as an executive of your company instructs you via an official looking email or fax, instructs you to make one or more payments usually by wire and tells you to keep this transfer of company funds confidential.

Vendor Impostor
A fraudster posing as a vendor using an official looking email or fax request you to change the current payment instructions : bank name, routing and accounting numbers.

An employee of a vendor company copies or scans a vendor invoice and then creates a counterfeit vendor invoice with payment directed to a new business bank account.

A hacker breaches your email system using malware and after observing the pattern of payment requests  then submits a fraudulent invoice for payment that looks official except for changes to payment instructions.

The best business internal control procedures  to implement  in order  prevent becoming a victim of impostor fraud are:

  1. Verify the request for payment by contacting the vendor or office of the company executive prior to any transfer of funds being completed by phone
  2. Use dual custody where the Initiator and manager  must  approve before any wire transfer or payment is made.
  3. Monitor business account activity to spot any unusual  activity or unauthorized transactions.
  4.  Protect company email accounts  by never giving out login credentials on line or over the phone and update computer virus and security software on a regular schedule.


One of the best methods to follow to reduce the opportunity for fraud to occur is follow the rule: Trust, but verify!